Training - AccessData
0

FTK 3 Transition Day

NOTE: AccessData BootCamp is a prerequisite for the FTK 3 Transition Day.

Computer forensics involves acquiring, analyzing, decrypting and reporting the stored or recorded digital information for use as evidence in civil, criminal or administrative cases. Law enforcement, network administrators, attorneys, and private investigators now rely on computer forensic software tools to aid in their investigations. AccessData's Forensic Toolkit (FTK) enables organizations worldwide to analyze and search electronic evidence in computer-related crimes including, terrorism, intellectual property and personal identity theft, corporate fraud, child exploitation, illegal commerce and company policy violations.

In this 1 day workshop attendees will install and configure the new FTK version 3.

Exercises will include:

  • Configuring new usability modes with user defined TABs and docking panes
  • Creating and processing cases to include GUID partition based evidence
  • Creating filters with the newly enhanced File Filter Manager to include nested filters as rules
  • Using the new content viewer to play videos and examine Unicode character set information
  • Using the new divot functionality
  • Creating bookmarks with the new bookmark manager to include nested bookmarks, new comment fields, multiple file position markers and more.
  • Using the new report wizard to develop drag and drop report fields, new sort fields and new thumbnail and bookmark enhancements.

In addition to learning new features, differences between FTK 1x and 3x architecture will be discussed. Topics discussed include:
  • Simultaneous multiple user case access
  • The use of the relational Oracle database
  • True multi-threaded processing for immediate data access
  • Upcoming distributed client/server architecture for case analysis
  • User defined permissions and access (ignorable and privileged data)

Enhanced data processing feature aspects will be covered relating to:

  • EXIF information
  • Registry file initialization
  • Enhanced email format support
  • User interactive case file type categorization
  • FTK encrypted file identification and decryption

This course is a must for FTK1x users wishing to transition to the new FTK 3x.